Security Researcher
We're hiring a Security Researcher to find, explain, and help fix security risks across AI-native risk systems, cloud infrastructure, and product workflows. You'll work closely with the CTO/CISO and engineering team to turn sharp research into practical improvements.
A Malaysia-based risk analytics SaaS startup.
We provide quantitative risk solutions and consulting services to financial institutions, including banks, asset managers, and insurance companies.
Our platform focuses on building industrial-grade quantitative risk engines across market risk, credit risk, liquidity risk, and climate risk, while actively integrating AI and machine learning into risk workflows. In addition to software delivery, we work closely with clients on model design, validation, stress testing, and regulatory-aligned analytics.
As a startup, we work as a small, tight-knit team. This is not an ordinary job. Every team member plays a meaningful role in shaping the product, supporting clients, and growing the company.
Research that turns into better systems.
Product & Application Security Research
- Review application flows, APIs, authentication, authorization, and data access paths.
- Develop realistic abuse cases for risk analytics, AI agents, and client workflows.
- Validate suspected issues with careful proof-of-concept work and clear reproduction steps.
Cloud, Identity & AI Security
- Research attack paths across cloud services, IAM, secrets, CI/CD, and SaaS integrations.
- Assess risks around LLM workflows, retrieval systems, prompt injection, data leakage, and tool use.
- Partner with engineers to convert findings into repeatable guardrails and secure defaults.
Reporting & Remediation
- Write concise reports that explain impact, likelihood, evidence, and practical fixes.
- Verify remediation and help improve threat models, review checklists, and security documentation.
- Stay close to external research and translate relevant lessons into our environment.
Must-haves & nice-to-haves.
Must-Haves
- Hands-on experience with application security, vulnerability research, penetration testing, or secure code review.
- Strong understanding of web, API, authentication, authorization, and data exposure risks.
- Comfortable reading code and scripts, especially Python or JavaScript/TypeScript.
- Ability to produce clear technical writeups with practical remediation guidance.
- Strong judgement around responsible testing, evidence collection, and production safety.
- Curiosity about AI security and risk systems.
Nice-to-Haves
- Experience researching cloud, IAM, CI/CD, container, or SaaS integration weaknesses.
- Exposure to LLM security, prompt injection, agent tooling, retrieval systems, or data leakage.
- Prior experience in fintech, banking, or another regulated industry.
- Bug bounty, CTF, public research, CVEs, conference talks, or high-quality private reports.
- Certifications such as OSCP, OSWE, GWAPT, GWEB, or equivalent.
Security research with a direct path to impact.
- Real ownership: Your findings directly influence how Peripamo builds, ships, and protects its systems.
- High-leverage work, no busywork: Small team, direct access to decision-makers, and practical fixes over theatrical reports.
- Compounding skills: Work across fintech, AI systems, cloud, application security, and regulated client expectations.
- Competitive compensation: Including base salary and performance bonus.
Sound like you? Let's talk.
Send your CV and a few lines on the most interesting security work you've done. We read every application.